“Advanced Web Attacks and Exploitation” provides experienced members of offensive teams with a comprehensive analysis of various vulnerabilities and their exploitation techniques in web applications.
Building on the PEN-200 and WEB-200 programs, this program deals in detail with the methods and techniques used to analyze the target web applications. This will give learners a comprehensive understanding of the underlying vulnerabilities that we will exploit. The aim of this course is to provide you with a general and repeatable approach to detecting and exploiting vulnerabilities in web applications, while at the same time deepening the fundamental knowledge required to work with modern web applications.
WEB-300 covers a wide range of advanced web-exploitation capabilities and techniques, including:
- Analysis and exploitation of a remote code execution (RCE) deserialization vulnerability in the DotNetNuke (DNN) platform
- Mastery of advanced web security methods such as fuzzing, static and dynamic analysis and manual code review
- Practicing session hijacking techniques to gain unauthorized access to sensitive data and functionality, including exploiting an RCE vulnerability in the Dolibarr application using a dedicated virtual machine
WEB-300: 17 modules, 20 labs, one goal – OWSE certification
WEB-300 is divided into 17 detailed modules, each focusing on different topics. Many modules contain accompanying videos and practical exercises to deepen the learning experience. In addition, 20 challenge labs are offered to test learners’ understanding and prepare them for the OffSec Web Expert (OWSE) certification exam.
As an advanced offensive course, WEB-300 is designed to test experienced penetration testers and security professionals who want to master advanced web application attacks and exploit techniques. It is expected that learners are not only familiar with basic web technologies and scripting languages such as JavaScript,PHP, Java and C#, but also have extensive experience with the offensive techniques taught in PEN-200.